MCPcopy Create free account
hub / github.com/ElementsProject/elements / multiUserAuthorized

Function multiUserAuthorized

src/httprpc.cpp:97–126  ·  view source on GitHub ↗

This function checks username and password against -rpcauth entries from config file.

Source from the content-addressed store, hash-verified

95//This function checks username and password against -rpcauth
96//entries from config file.
97static bool multiUserAuthorized(std::string strUserPass)
98{
99 if (strUserPass.find(':') == std::string::npos) {
100 return false;
101 }
102 std::string strUser = strUserPass.substr(0, strUserPass.find(':'));
103 std::string strPass = strUserPass.substr(strUserPass.find(':') + 1);
104
105 for (const auto& vFields : g_rpcauth) {
106 std::string strName = vFields[0];
107 if (!TimingResistantEqual(strName, strUser)) {
108 continue;
109 }
110
111 std::string strSalt = vFields[1];
112 std::string strHash = vFields[2];
113
114 static const unsigned int KEY_SIZE = 32;
115 unsigned char out[KEY_SIZE];
116
117 CHMAC_SHA256(reinterpret_cast<const unsigned char*>(strSalt.data()), strSalt.size()).Write(reinterpret_cast<const unsigned char*>(strPass.data()), strPass.size()).Finalize(out);
118 std::vector<unsigned char> hexvec(out, out+KEY_SIZE);
119 std::string strHashFromPass = HexStr(hexvec);
120
121 if (TimingResistantEqual(strHashFromPass, strHash)) {
122 return true;
123 }
124 }
125 return false;
126}
127
128static bool RPCAuthorized(const std::string& strAuth, std::string& strAuthUsernameOut)
129{

Callers 1

RPCAuthorizedFunction · 0.85

Calls 8

TimingResistantEqualFunction · 0.85
CHMAC_SHA256Class · 0.85
findMethod · 0.80
HexStrFunction · 0.50
FinalizeMethod · 0.45
WriteMethod · 0.45
dataMethod · 0.45
sizeMethod · 0.45

Tested by

no test coverage detected